Microsoft discovered a serious vulnerability in the TikTok Android app that allowed attackers to hack user accounts with a single click.
The vulnerability had already been fixed, and no evidence of its exploitation was found.
Clicking on a malicious link was enough to steal an account. Attackers could then gain access to the profile, modify its data, and upload sensitive information.
Account theft was possible because attackers could force the application to load an arbitrary URL into its WebView, which gave the loaded page access to the JavaScript bridges attached to that WebView.
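A defensive sketch of how an Android app can avoid this class of bug, added here as an example and not taken from TikTok's code or Microsoft's report: the link target is checked against an allowlist before any WebView or JavaScript bridge exists, and later navigations are held to the same check. The class names, the bridge name and the `example.com` hosts are hypothetical placeholders.

```java
import android.app.Activity;
import android.net.Uri;
import android.os.Bundle;
import android.webkit.*;
import java.util.*;

// Hypothetical activity that handles links opened in the app (illustrative names only).
public class LinkActivity extends Activity {
    // Assumed allowlist of first-party hosts (placeholder values).
    private static final Set<String> TRUSTED_HOSTS =
            new HashSet<>(Arrays.asList("app.example.com", "help.example.com"));

    // Exact-match policy: https only, no userinfo, host must be on the allowlist.
    static boolean isTrusted(Uri uri) {
        if (uri == null || !"https".equalsIgnoreCase(uri.getScheme())) return false;
        if (uri.getUserInfo() != null) return false; // rejects https://app.example.com@other.test/
        String host = uri.getHost();
        return host != null && TRUSTED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        Uri target = getIntent().getData(); // untrusted: taken from the clicked link
        if (!isTrusted(target)) {           // fail closed before a WebView is created
            finish();
            return;
        }
        WebView webView = new WebView(this);
        webView.getSettings().setJavaScriptEnabled(true);
        // Apply the same policy to later navigations; returning true cancels the load.
        webView.setWebViewClient(new WebViewClient() {
            @Override
            public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
                return !isTrusted(request.getUrl());
            }
        });
        // The bridge is attached only after the initial URL has passed the check.
        webView.addJavascriptInterface(new AccountBridge(), "bridge");
        setContentView(webView);
        webView.loadUrl(target.toString());
    }

    // Any page loaded in this WebView can call methods marked @JavascriptInterface,
    // so the bridge should expose as little as possible.
    static class AccountBridge {
        @JavascriptInterface
        public String displayName() { return "constructed-sample-user"; }
    }
}
```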